The rising number of cyber heists and ransomware attacks makes security paramount for every merchant, financial institution, or other entity that stores, processes, or transmits cardholder data. The PCI Data Security Standards help protect the safety of that data. They set the operational and technical requirements for organizations that accept or process payment transactions, and for the software developers and manufacturers of the applications and devices used in those transactions. Maintaining payment security is serious business. It is vital that every entity responsible for cardholder data security diligently follows the PCI Data Security Standards.
If you accept or process payment cards, the PCI Data Security Standards apply to you. These standards cover technical and operational system components included in or connected to cardholder data.
Firewalls are devices that control computer traffic allowed between an entity’s networks (internal) and untrusted networks (external), as well as traffic into and out of more sensitive areas within an entity’s internal trusted networks. The cardholder data environment is an example of a more sensitive area within an entity’s trusted network. A firewall examines all network traffic and blocks those transmissions that do not meet the specified security criteria. All systems must be protected from unauthorized access from untrusted networks, whether entering the system via the Internet as e-commerce, employee Internet access through desktop browsers, employee e-mail access, dedicated connections such as business-to-business connections, via wireless networks, or via other sources. Often, seemingly insignificant paths to and from untrusted networks can provide unprotected pathways into key systems. Firewalls are a key protection mechanism for any computer network.
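The following is an added example, not code from the original post: a small default-deny policy evaluator that models the behaviour the paragraph describes, a firewall that classifies each flow by source and destination zone and blocks anything not explicitly permitted between untrusted networks, the corporate network, and the cardholder data environment. The zone ranges, rule set, and sample flows are constructed for illustration; the DMZ-to-CDE, CDE-to-acquirer, and corporate jump-host rules are hypothetical.

```python
"""Added example (not from the original post): default-deny zone policy.
Zones, networks, rules and flows are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed internal segments; anything outside them is treated as untrusted.
ZONES = {
    "CDE": [ip_network("10.10.0.0/24")],   # cardholder data environment (payment systems)
    "DMZ": [ip_network("10.20.0.0/24")],   # public-facing web tier
    "CORP": [ip_network("10.30.0.0/16")],  # employee desktops and e-mail clients
}


def zone_of(addr: str) -> str:
    """Map an IP address to a zone name; unknown space is UNTRUSTED (e.g. the Internet)."""
    ip = ip_address(addr)
    for name, nets in ZONES.items():
        if any(ip in net for net in nets):
            return name
    return "UNTRUSTED"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dst_port: Optional[int]  # None matches any port
    action: str              # "allow" or "deny"


# Rules are evaluated top-down, first match wins. No match means deny, so any
# path that was never consciously permitted (the "seemingly insignificant"
# ones the text warns about) is closed by construction.
RULES = [
    Rule("DMZ", "CDE", "tcp", 8443, "allow"),       # hypothetical: web tier to payment API only
    Rule("CDE", "UNTRUSTED", "tcp", 443, "allow"),  # hypothetical: outbound to acquirer/processor
    Rule("CORP", "CDE", "tcp", 22, "allow"),        # hypothetical: admin jump access, SSH only
]


def evaluate(src: str, dst: str, proto: str, dst_port: int) -> str:
    """Return the action for one flow: the first matching rule, else default deny."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for rule in RULES:
        if (rule.src_zone == src_zone and rule.dst_zone == dst_zone
                and rule.proto == proto and rule.dst_port in (None, dst_port)):
            return rule.action
    return "deny"


Flow = Tuple[str, str, str, int]


def denied_flows(flows: List[Flow]) -> List[Flow]:
    """Flows the policy blocks; the list a reviewer would check for legitimate needs."""
    return [flow for flow in flows if evaluate(*flow) == "deny"]


if __name__ == "__main__":
    # Constructed sample flows: Internet to CDE, web tier to CDE on two ports,
    # a desktop browsing to the CDE over HTTP, and CDE outbound on 443 and 80.
    sample = [
        ("203.0.113.5", "10.10.0.7", "tcp", 8443),
        ("10.20.0.5", "10.10.0.7", "tcp", 8443),
        ("10.20.0.5", "10.10.0.7", "tcp", 22),
        ("10.30.1.2", "10.10.0.7", "tcp", 80),
        ("10.10.0.7", "203.0.113.5", "tcp", 443),
        ("10.10.0.7", "203.0.113.5", "tcp", 80),
    ]
    for flow in sample:
        print(f"{zone_of(flow[0]):>9} -> {zone_of(flow[1]):<9} {flow[2]}/{flow[3]}: {evaluate(*flow)}")
```

The point of the default-deny final return is that an omitted rule fails closed: the web tier can reach the payment API but not SSH on the same host, and the CDE can only talk outbound on the one port the business needs.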
Malicious individuals (external and internal to an entity) often use vendor default passwords and other vendor default settings to compromise systems. These passwords and settings are well known by hacker communities and are easily determined via public information.
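As an added example that is not part of the original post, here is a build-time audit that flags vendor-default settings before a device or server is connected to the network: accounts still on a published default or username-equal password, default SNMP community strings, and default-enabled management services. The list of defaults, the service names, and the two sample device configurations are constructed for illustration and stand in for whatever a given vendor's documentation lists.

```python
"""Added example (not from the original post): audit for vendor-default settings.
The defaults list and sample configs are constructed, not a specific product's."""
from typing import Dict, List

# Constructed placeholders for the kind of values vendors ship and publish.
KNOWN_DEFAULT_PASSWORDS = {"admin", "password", "changeme", "default", ""}
KNOWN_DEFAULT_SNMP_COMMUNITIES = {"public", "private"}
DEFAULT_ENABLED_INSECURE_SERVICES = {"telnet", "http_admin"}  # cleartext management


def audit(config: Dict) -> List[str]:
    """Return one finding per vendor-default credential or setting left in place."""
    findings: List[str] = []

    for user, password in config.get("accounts", {}).items():
        if password.lower() in KNOWN_DEFAULT_PASSWORDS or password.lower() == user.lower():
            findings.append(f"account '{user}' uses a vendor-default or username-equal password")

    for community in config.get("snmp_communities", []):
        if community.lower() in KNOWN_DEFAULT_SNMP_COMMUNITIES:
            findings.append(f"SNMP community '{community}' is a vendor default")

    for service, enabled in config.get("services", {}).items():
        if enabled and service in DEFAULT_ENABLED_INSECURE_SERVICES:
            findings.append(f"insecure default service '{service}' is still enabled")

    return findings


def is_compliant(config: Dict) -> bool:
    """True only when no vendor-default finding remains."""
    return not audit(config)


# Constructed sample: a device as shipped, and the same device after hardening.
OUT_OF_THE_BOX = {
    "accounts": {"admin": "admin", "operator": "changeme"},
    "snmp_communities": ["public"],
    "services": {"telnet": True, "ssh": True, "http_admin": True, "https_admin": True},
}
HARDENED = {
    "accounts": {"admin": "Q7v!m2#Lp9@zRt4w", "operator": "x8Kd$2nW^vB5!sHq"},
    "snmp_communities": ["Nk3v-7pQz-r1Hs"],
    "services": {"telnet": False, "ssh": True, "http_admin": False, "https_admin": True},
}

if __name__ == "__main__":
    for label, cfg in (("out of the box", OUT_OF_THE_BOX), ("hardened", HARDENED)):
        print(f"{label}: {'PASS' if is_compliant(cfg) else 'FAIL'}")
        for finding in audit(cfg):
            print("  -", finding)
```

Run against the shipped configuration this reports five findings and the hardened one reports none; wiring the check into the provisioning pipeline makes the default-removal step verifiable rather than a checklist item.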
Author: DeshCyber Security Engineer
March 17, 2021